If you’ve ever had your Office 365 account compromised, you know the sinking feeling that comes with realizing it: spam being sent in your name, unusual profile changes, mail forwarding that you didn’t set up, a fake signature.

You probably know to change your password right away, but there are other steps to perform that ensure your account stays safe. Even though we hope you never need this page, we suggest you bookmark it to come back to in the event that your account is compromised.

After you regain access to your account, go through these steps as soon as possible–within five minutes if you can–to secure your account.

1. Make sure that your computer itself isn’t compromised.

• Make sure that you have Windows Update activated. Check out this page for more information on Windows Update.
• Scan your computer with antivirus software to detect any malicious software that could’ve been installed on the computer. If you don’t have antivirus software, you can download it for free from Microsoft here.

2. Make sure your Office 365 account is locked.

• Reset your password immediately, and make it impossible to guess. Use upper and lowercase letters, at least one number, and at least one special character. Don’t reuse any of your last five passwords.
• If your account identity is on-premises (i.e. your business isn’t “all cloud,” but uses some physical servers) and your Office 365 identity is federated, you must change your password on-prem first, and then notify your IT administrator. If you have questions about whether or not your Office 365 identity is on-premises, notify your admin.

3. Make sure no one else can gain access to your account.

• If you’re using Outlook 2013, check Rules to make sure that your Exchange account isn’t auto-forwarding. Go to the FILE tab and click the Manage Rules & Alerts button. If there are any rules present that you didn’t set, select them, and click the Delete button. (Learn more about rules here.)
• Make sure that your Outlook account isn’t sending auto-replies.

4. Take additional precautionary steps.

• Check your sent items folder for emails that you didn’t send. If there are any emails sent to people on your contact list, you may need to inform them that your account was compromised, and warn them not to open the recent email from you.
• If any other services use this email account as an alternative address, they may have been compromised as well. After you perform these security steps, check your other accounts for breaches.

For more information, check out these links:

• Microsoft Safety & Security Center
• Internet Crime Complaint Center
• Securities and Exchange Commission – “Phishing” Fraud